Medichi.exe Virus
Filed Under (Misc.) by Kirby Witmer on 26-12-2007
Have you been struggling with the nasty medichi.exe virus? I’ve been trying to remove it on a customer’s computer for days, and haven’t been getting anywhere. This virus goes the whole way by disabling access to your Control Panel, Task Manager, Spybot Search & Destroy, and Norton Internet Security. Apparently it’s a new virus that none of the virus companies have a fix for yet. The only one that detects it is Microsoft, but they can’t actually remove it successfully yet. At least they didn’t for me.
Basically this is what I did to fix the problem.
UPDATE: Symantec now calls it Trojan.Virantix.B and has a document outlining how to remove it. Please follow those steps instead.
1. Download Process Master and install it.
2. Run Process Master and kill the following processes if they are running: medichi.exe, medichi2.exe and suspend.exe.
3. Show System and Hidden files in Windows Explorer, by going to Tools and then Folder Options and selecting the view tab. Select the “Show Hidden files and folders” and also uncheck “Hide Protected Operating System Files”. Click Yes, and then OK.
4. Delete the following files if they exist:
 C:\Windows\Medichi.exe
 C:\Windows\Medichi2.exe
 C:\Windows\System32\suspend.exe
5. Search the registry for “Medichi” and delete every reference to it.
6. Restart Windows.
These steps were taken from here.
Note: The one step over there involves patching ProcessMaster to avoid paying for it. It doesn’t mention that anywhere, but that’s what happens if you follow it. If you want to stay legal, please pay for ProcessMaster instead of simply patching it.
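As an added example (not part of the original post or of Symantec's document), this read-only PowerShell check reports whether the processes, files and registry references named in steps 2, 4 and 5 are present, and changes nothing on the machine. Limiting the registry search to HKLM:\SOFTWARE and HKCU:\Software is an assumption, since the post does not say where the references live; the script needs PowerShell 3.0 or later.

```powershell
# Added example: report-only check for the indicators listed in the steps above.
# Process and file names come from the post; the registry roots are an assumption.
$ProcessNames  = 'medichi', 'medichi2', 'suspend'
$FilePaths     = 'C:\Windows\Medichi.exe',
                 'C:\Windows\Medichi2.exe',
                 'C:\Windows\System32\suspend.exe'
$RegistryRoots = 'HKLM:\SOFTWARE', 'HKCU:\Software'
$Pattern       = 'medichi'   # -match is case-insensitive

function Find-RunningIndicator {
    param([string[]]$Names)
    # "suspend" is a generic name: compare Path with the file list before acting on a hit.
    Get-Process -Name $Names -ErrorAction SilentlyContinue |
        Select-Object Name, Id, Path
}

function Find-FileIndicator {
    param([string[]]$Paths)
    # -Force returns hidden and system files without changing Explorer settings.
    Get-Item -LiteralPath $Paths -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

function Find-RegistryIndicator {
    param([string[]]$Roots, [string]$Pattern)
    # Walk every readable subkey; check key names, value names and value data.
    Get-ChildItem -Path $Roots -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.Name -match $Pattern) {
            [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
        }
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ($valueName -match $Pattern -or $data -match $Pattern) {
                [pscustomobject]@{ Key = $key.Name; Value = $valueName; Data = $data }
            }
        }
    }
}

$findings = [ordered]@{
    Processes = @(Find-RunningIndicator -Names $ProcessNames)
    Files     = @(Find-FileIndicator -Paths $FilePaths)
    Registry  = @(Find-RegistryIndicator -Roots $RegistryRoots -Pattern $Pattern)
}
foreach ($section in $findings.Keys) {
    '{0}: {1} hit(s)' -f $section, $findings[$section].Count
    $findings[$section] | Format-List
}
```

The recursive registry walk can take several minutes; run it from an elevated prompt so fewer keys are skipped as unreadable.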


Try Sysinternals’ Process Explorer
I just have to say, I downloaded the Norton 360 product and because I already have the virus, the files are apparently corrupt. I then paid an additional $100 for them to clean my PC. I have spent over 5 hours on the phone with them and they/we have spent about 7 hours on my PC and they still cannot fix it.
This virus has gone as far as deleting or corrupting an associations file so I cannot open any programs. Now, I cannot access the internet. I have nothing left but to search the internet at work looking for solutions.
I went to another site and downloaded SDfix and that would not install either.
UGH!
I can help you remove that medichi virus and its component without formatting and reinstalling Windows XP or Vista, with a little amount in return. ICQ me at 238559719. Stop wasting huge amounts of money; no antivirus can cure it yet.